MAL-2025-5337

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/themeone-animate/MAL-2025-5337.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-5337
Published
2025-07-01T09:31:00Z
Modified
2025-07-01T17:38:53Z
Summary
Malicious code in themeone-animate (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (048f8ec47ed9893b474df655b2e35cd9ac03ff636b39db4cb02203fb38c4c706)

The OpenSSF Package Analysis project identified 'themeone-animate' @ 71.71.72 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2025-07-01T09:31:00Z",
            "sha256": "048f8ec47ed9893b474df655b2e35cd9ac03ff636b39db4cb02203fb38c4c706",
            "import_time": "2025-07-01T09:37:59.096500865Z",
            "source": "ossf-package-analysis",
            "versions": [
                "71.71.72"
            ]
        },
        {
            "modified_time": "2025-07-01T10:56:07Z",
            "sha256": "9754a61353b747cf26676e1ef881b74e7a6b47d3656c2d31314048420f50b09a",
            "import_time": "2025-07-01T11:05:03.508479984Z",
            "source": "ossf-package-analysis",
            "versions": [
                "71.71.73"
            ]
        },
        {
            "modified_time": "2025-07-01T16:56:02Z",
            "sha256": "19c39946d3016fca648a311cdc53c78b05582c9d48f3e2da9efe96299a5fdfcb",
            "import_time": "2025-07-01T17:05:53.698131241Z",
            "source": "ossf-package-analysis",
            "versions": [
                "71.71.78"
            ]
        },
        {
            "modified_time": "2025-07-01T17:00:54Z",
            "sha256": "5c633bd82553337fe67107d2e8ac5a1091d3474a7a256ccb1c2c2347ae85bd72",
            "import_time": "2025-07-01T17:05:53.833485806Z",
            "source": "ossf-package-analysis",
            "versions": [
                "71.71.79"
            ]
        },
        {
            "modified_time": "2025-07-01T17:11:13Z",
            "sha256": "f7829116c3852ee7d62e18424ccd208d640010d46c24709a641f68e816beec68",
            "import_time": "2025-07-01T17:38:23.936034994Z",
            "source": "ossf-package-analysis",
            "versions": [
                "71.71.77"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / themeone-animate

Package

Name
themeone-animate
View open source insights on deps.dev
Purl
pkg:npm/themeone-animate

Affected ranges

Affected versions

71.*

71.71.72
71.71.73
71.71.77
71.71.78
71.71.79